Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive.
By Peter Horadan, CEO, Vouched
We've been hearing "passwords are dead" for decades and yet
they're still with us. But 2025 is
bringing several forcing functions that will bring real change to how we think about
identity. We're going to need to start
learning new techniques and reconsidering the tools we use as we find that
simple passwords are really no longer good enough.
Here are three things that will start to make us rethink
identity in 2025:
Prediction 1: 2025 Will Be the Year of 'Know Your Agent'
Banks have KYC: Know Your Customer. Doctors have KYP: Know
Your Patient. Soon, anyone offering internet services will need KYA: Know Your
Agent.
We've heard plenty about AI's dark side: deepfakes
impersonating users, bots overwhelming systems. But we're on the cusp of an era
where AI also works for good-automated agents that book travel, manage
finances, and organize schedules on our behalf. Sounds convenient, right? But
here's the hitch: when your travel bot tries to book a flight, how does the
airline know that bot is genuinely acting on your behalf? They can't send a
one-time passcode to your phone-you might be asleep while your bot works.
As the utility of these AI agents explodes, we face a
pressing challenge: inventing new protocols so service providers can trust
these agents. 2025 will be the year we begin to find ways navigate this new landscape.
Watching how we develop systems to authenticate not just humans but their
digital proxies will shape the future of identity on the web.
Prediction 2: 2025 Will Start the Fusion of Online and
Physical Authentication
We're all familiar with logging into services using a
username and password. But criminals are
getting really good at defeating these simple mechanisms. We've tried to amp our methods with multi-factor
authentication, and even introduced passkeys. Yet, these measures still won't
be enough.
Case in point: hackers recently stole over $1 million from
DoorDash by flawlessly impersonating drivers, replicating every detail down to
their selfie photos. This heist underscores a chilling reality-the
sophistication of digital deception is escalating.
A big part of the problem is there is no good way to fight
"photo insertion" with IDs online. You
can take a picture of a driver's license, but how do you know a fraudster
didn't simply replace the photo? This is
starting to change with Mobile Driver Licenses, where the State provides an
authenticated photo, but progress will be slow.
So, what's the solution for safeguarding high-value online
transactions where you don't even know what the user looks like? The answer
lies in blending the virtual with the physical. Think going to a kiosk in a
mall where you verify your identity in person. This physical authentication
then links to your online profile, creating a robust digital identity that
proves you're genuinely you.
As the skill of cybercriminals intensifies, physically
proving your identity may become a routine part of our online lives. In 2025,
don't be surprised if stopping by a verification kiosk becomes part of high
value online interactions. The battle for digital trust is pushing us to bridge
the gap between the online world and the real one, making personal
authentication a cornerstone of internet security.
Prediction 3: Consumers Will Face a Steep Learning Curve
with Passkeys
While the introduction of Passkeys is set to revolutionize
online security, the real story of 2025 will be the significant learning curve
consumers must overcome to use them effectively. Unlike traditional passwords,
Passkeys rely on cryptographic key pairs and function fundamentally
differently. Consumers will need to understand what a Passkey is and how it
differs from a password-not just in theory, but in everyday practice. This
shift isn't merely about adopting a new login method; it's about embracing a
new paradigm in digital authentication.
As Passkeys become more widespread, the use of password
managers will surge. Consumers will find themselves needing to sync Passkeys
across various devices-a process that isn't as simple as memorizing or jotting
down a password. Those who haven't yet adopted a password (or Passkey)
management app will find it increasingly necessary to do so, facilitating
seamless access across computers, smartphones, and tablets.
This newfound reliance on password managers will also push
consumers to delve deeper into how these apps operate. Critical questions will
arise: Can the company behind my password manager see my Passkeys? Could they
use or share them without my knowledge? Can the government see them? Privacy
and security concerns will prompt users to scrutinize the policies and
trustworthiness of these service providers closely.
So, while Passkeys promise enhanced security and a smoother
user experience, they also introduce complexity that consumers will need to
learn to navigate. The challenge lies not in the technology itself, but in
educating the public on relearning simple things like sharing a password from
one machine to another. As we edge
closer to a passwordless future, 2025 will be the year a lot of people will
near to learn a whole new toolset.
What do you think will change in identity in 2025? I'd love to hear from you at
peter.horadan@vouched.id
##
ABOUT THE AUTHOR